渣打银行风险管理手册

Risk Wholesale Bank An orientation to effective risk management & controlTABLE OF CONTENTSIntroduction3Risk Culture what does it mean at Standard Chartered3Business and Risk4Risk Principles (also refer Database B 101)5Risk Types5Credit Risk5Country Risk (also refer database B 301 and B 326)6Market and Liquidity Risk (also refer Group Market Risk Policy Database)6Operational Risk (also refer database B 501)7Compliance Risk (also refer database B 601 and B 602)8Reputational Risk (also refer database B 701 and J401)9Environmental and Social Risk (also refer database B 204)9Risk Management Framework & Matrix of Responsibilities9Risk Management Organization10Group Level10Functional Level11Country Level11Risk Policies and Procedures111. Group Policies112. Functional Policies123.Country Underwriting Standards12Risk Pricing13Economic Profit13Measurement Tools13Pricing Guidelines13Management of Customers/Counterparties14Target Customers14Name Lending14Money Laundering Know your customer (also refer database B 507 and B 534)14Types15I.CORPORATES15Groups (also refer database J 202, J 203 and J 206)15Lending to Holding Companies (also refer database J101)15Subsidiary Companies (also refer database J 207)15II.BANKS16Banks and Financial Institutions (also refer database J 154, J 155, J 307, J 804 & J 806)16III.GOVERNMENTS16Governments and Government Owned Companies (also refer database J 204)16IV.INVESTMENT INSTITUTIONS16Funds, Fund Managers and Hedge Funds (also refer database J 807 and J 808)16V.PERSONAL BORROWERS16Lending to Individuals within Functional level policy (also refer database J 104)17Products17Categories of Risk for Limit Purposes Category 1,2&3 (also refer database R 201)17Suitability, Saleability, Pricing (also refer database J 101, J111)18Specific Requirements (also refer database J 101, J 302, J307)18Specialist Product and Higher Risk Areas (also refer database J 101)18Restricted Activities (also refer database J 101 and B 702)18Environmental and Social Risk (also refer database B204 and B 226)19Others (also refer database J 101)19Approval Process19Business Credit Application (also refer database J 151, J154,)19Credit Grades (also refer database D 101 and J 206)21Grading Groups and use of Parental Support (also refer database J 206)22Regulatory Compliance (also refer database B 202)22Credit Reference Levels (also refer database J 121)22Security (also refer database J 158 and J 616)23Country Risk (also refer database B 326)23Approval Authorities (also refer database J 102 & J 152)23Pre Disbursal Process Control of Lending24Securing Documentation (also refer database J175 and J506)24Monitoring & Control25Trigger Points (also refer database J 151)25Early Alert Accounts (also refer database J 503)25Accounts Subject To Additional Review (also refer database J 505)25Management of Special Assets - GSAM26Accounts graded CG 12 (also refer database N 101)26Lessons Learned Review (also refer database N 300)26IntroductionWelcome to Standard Chartered Bank. This risk handbook will give you an introduction to the various risk related activities within the bank. This handbook is not meant to be a “Bible” on Risk Management but instead will provide you with the background to several key areas within the lending function and will serve as your “first point of reference”. Elaboration and detail of any policy or process will be found in the respective database(s) and you will be provided a reference to the same in the handbook. Further, if you are in a sales related role, you must also refer to the Relationship Managers Guide, which will equip you on, “How to be a better Relationship Manager and become a partner to your clients”. Risk Culture what does it mean at Standard Chartered What is culture? Webster defines it as:The set of shared attitudes, values, goals, and practices that characterises a organisation - the key word is shared. We all have different roles to play within the organisation but one thing is clear, Standard Chartered can and will only be successful if we all take ownership of risk and accept accountability for our actions. Every one of us can lead by example and ensure that the decisions we make, the actions we take, are to the long term benefit of the bank firstly and that any personal benefit is subordinate. The bank benefits from a strong risk culture and we endeavour to reward good risk behaviour in the same way that we reward other achievements. Those of us who demonstrate a sound approach to risk can expect to see this further our careers and be appropriately rewarded. Saving losses is as important as growing revenue. We expect people to behave responsibly and to bring problems to the fore at the earliest possible stage. In the same way that we expect openness and full disclosure from our clients, so we expect it of ourselves. Problems are there to be solved, not hidden. In a good, sound institution risk is an integral part of strategic planning from the top down. Good risk culture derives from good risk behaviour, a collegiate approach, open and robust debate on issues of concern and most of all a firm and unwavering commitment to a No Surprises philosophy. We will also ensure we all have a clear framework within which to operate and that we all understand what we can and can not do. The following table lays down key characteristics of effective risk culture:SCB Risk CultureWe succeed if everyone sees ownership of risk as part of their responsibility, not everyone elses; it doesnt have to be in the job description.We are all expected to take risk decisions in the best interests of the Bank as a whole, not just our part of it.Risk behaviour that is in the best interests of the Bank will be recognised in career development and promotion.Risk ownership begins as close to the client as possible and is an active, on-going responsibility.Group Risk will provide and communicate a clear and unambiguous framework of policies, principles and processes for risk ownership and review.All risks decisions will have a clearly identifiable audit trail and the Bank will hold staff accountable.In holding people to account, the Bank will differentiate between unforeseeable consequences and deliberate policy- flouting.Saving significant losses will be rewarded in the same way as growing the revenue line.The Bank will work to create a climate in which staff can talk honestly and openly about risk or problems at a sufficiently early stage, with the emphasis on solutions.We will openly discuss and learn lessons from mistakes/misjudgements.The Bank will ensure that all employees receive Risk training appropriate to their position, starting with induction.Business and Risk Most dictionaries define risk as danger or the possibility of something harmful or undesirable happening. Consequently the intuitive understanding of the word is a “negative” one. However, as a Bank, risk is our business and we profit from managing it. Therefore it is imperative that we understand the risks we face and have robust systems that identify, measure and manage these risks and have people who are risk aware so that we can exploit the opportunities that are presented to us. Specifically we need to ensure when we accept risk, we do so because it fits with our strategy, is within underwriting standards, is priced and approved appropriately and is monitored constantly. Risk Principles (also refer Database B 101)The Basic Principles of Risk Management within the bank are:We recognise that revenue is earned by accepting risk and we will ensure that business activities are controlled on the basis of risk adjusted return. We will be explicit in setting our appetite for risk and we will manage risk to stay within agreed parameters. It follows from this that risk must be quantified wherever possible.Risk will be assessed before acceptance and for as long thereafter as we remain exposed to it. We will comply with all applicable laws and regulations in every country where we do business, and with the governance standards prescribed for listed companies. We will apply high and consistent ethical standards to our relationships with all customers, employees, and other stakeholders. Group activities will be undertaken in accordance with fundamental control standards. These controls will employ the disciplines of planning, monitoring, segregation, authorisation and approval, recording, safeguarding, reconciliation, and valuation. Risk TypesOften credit risk is considered as the only risk that lenders need to evaluate when arriving at a lending decision. In an increasingly dynamic and complex marketplace, it is imperative that we consider all the types of risk that could exist and then dimension and evaluate the critical ones so as to focus our limited time and resources on them before arriving at a decision. As a bank we generate most of our revenues by accepting risk of differing types in our lending decisions. For a summary of definitions of the main types of risk, also refer database B 101. The main types of risk that need to be considered are: -Credit RiskIn assessing credit risk we seek to establish the probability that a counterparty will not repay its obligations to the bank. The better the quality of the customer, the lower is the expected probability of default. The assessment of this risk is carried out by the nature of the counterparty and can be broadly categorised into the following:Corporates These include Local Franchises and MNC segments of the Corporate Bank and are approved by Credit Officers with delegated lending authority within the Country and if beyond their authority then at Regional Credit Officer level or Group level.Non Corporates These include Governments, Banks, Financial Institutions and Investment Institutions. Given that the nature of these counterparties are very different from that of Corporates, the same are assessed and approved by Markets and Institutions Risk Management (MIRM) which is an independent approving unit within the Risk Management function. MIRM on a centralised basis supports the banks business in setting and approving credit limits on counterparties to support the following activities: 1. Asset Liability Management This is done on a portfolio basis and against pre agreed norms with regard to counterparty rating, nature of instrument and amount of exposure and does not need specific approval on a counterparty basis. These are controlled on an oversight basis with regard to outstandings and credit quality.2. Normal Business This is done on a product basis (e.g. Trade Finance, FEX, Derivatives, Fixed Income Securities, Syndications, etc.) and with reference to a specific counterparty on whom credit limits are established.Sovereign Risk and Country Risk are they the same? NO, Sovereign Risk is the counter-party credit risk of a borrower who is a government or a wholly owned entity of a government. Hence sovereign risk is assessed as part of the risk approval process for Non Corporates and should not be confused with Country Risk. Country Risk (also refer database B 301 and B 326)Country Risk arises when the bank has a cross border exposure on a counterparty on which we have Credit Risk. Country Risk is the risk that our counterparty is unable to meet its contractual obligations as a result of adverse economic conditions or actions taken by governments in the relevant country. Given that this is independent of the counterparty credit risk, we assess this risk in addition to credit risk. Since the assumption of country risk requires capital allocation, we also price for it in accordance to the risk of the country on which an exposure is being taken. Country risk arises in all cases other than in those that are on-shore transactions in domestic currency. Nominated Country Risk Allocation Holders manage and monitor this risk under the supervision of Group Country Risk in London. (also refer database B327 and B329, for details of allocation holders and country status)A modular e-learning solution is also available on Peoplewise for Country Risk.Market and Liquidity Risk (also refer Group Market Risk Policy Database)Unlike Credit and Country Risk where the risk needs to be assessed at a counterparty level, Market and Liquidity risk are assessed in the main on a portfolio basis. However, in the case of large or complex exposures this could also be evaluated at a transaction level. Typically these risks are evaluated with the use of sophisticated statistical models which are employed to quantify these risks at transaction or portfolio level. Group Market Risk is responsible for the overall framework and management/ control of market and liquidity risk within the organisation. They evaluate and implement the models and validate the assumptions in the models on a continuous basis. At a business and country level, they monitor and control these risks by delegating authority to Local Management who are primarily responsible to comply with the group guidelines. These can be briefly explained as under: -1. Market Risk is the risk to the Groups earnings and capital due to changes in the market level of interest rates, securities, foreign exchange and equities, as well as the volatilities of those prices. Group Market Risk prescribes the unified framework for the assessment and control of market price risk. A risk monitoring limit and reporting structure is set out for portfolios of products, instruments, and income streams, where the economic value is directly or indirectly sensitive to changes in variable market prices, such as spot foreign exchange or interest rates.2. Liquidity risk management involves the ability to manage and maintain adequate liquidity at all times. Good liquidity risk management will result in the bank being in a position (in the normal course of business) to meet all its obligations, to repay depositors, to fulfil commitments to lend and to meet any other commitments it may have made. Of critical importance is the need to avoid having to liquidate assets or to raise funds at unfavourable terms resulting in financial loss or long term damage to the reputation of the Bank. Prudent liquidity management is of paramount importance as the ultimate cost of a lack of liquidity is being out of business, which we cannot afford.Operational Risk (also refer database B 501)In addition to other established risk classes discussed so far, the bank also views Operational risk as a separate risk class. Like Credit, Market and Liquidity risks, Operational Risk too has evolved in the Group and now has its own established policies (also refer database sub chapter B 500) and procedures (also refer database sub chapter B 525) to facilitate management and measurement. Operational Risk is defined as “The risk that the Group will incur direct or indirect loss due to an event or action causing the failure of technology, processes, infrastructure, personnel and other risks having operational impact. Legal risk is included. This definition excludes strategic/business and reputational risk”. Some of the key developments in this area are enumerated hereunder: Operational Risk coverage is now enterprise wide i.e. across front office / middle office and back office functions in the Group and works on a de-centralised model, with business and countries taking greater responsibility and ownership for day-to-day risk management. Group Operational Risk is today an independent risk unit within Group Risk and is responsible for defining and implementing the Groups Operational Risk Policy and framework. In addition to the Operational Risk unit, the Group Operational Risk function also includes Group Insurance and Group Security (including responsibility for the Groups Continuity Planning Policy). The Operational Risk management framework is also being used to track and manage non-traditional risks like Reputational, Compliance, Social, Ethical and Environmental risk in the Group. Risk management at country, business and Group levels is an integrated process and is through self-assessment and exception reporting. The evolving relationship between a robust control environment and shareholder value has resulted in a greater governance focus within organizations. Roles and responsibilities are also being constantly reviewed / enhanced to support the same and Group Audit plays an active role in reviewing the effectiveness of risk management process and framework. On the international front Standard Chartered is a member on the Financial Services Authority (FSA) Advisory panel on Operational Risk and the Institute of International Finance (IIF) Working Group on Operational Risk. All employees have a role to play in managing operational risk and compliance with the Group Operational Risk Policy & Procedures is mandatory. You must ensure that your key operational risks are understood, being managed and reported (where significant) to senior management. Within the Wholesale Bank, significant risks should be reported to the Wholesale Bank Risk Committee. Coverage should be across front office, middle office and back office areas and scope should not be restricted to just Service Delivery / Technology issues. Compliance Risk (also refer database B 601 and B 602)Since Banking and Financial service activities are conducted within a framework of obligations imposed by regulators and national/ international law, complying with such requirements is not optional for the bank. The consequences of non-co